Alternate user communication routing for a one-time credential

ABSTRACT

The invention relates to alternate user communication routing for a one-time credential. When a user is determined to be an unauthorized user, the unauthorized user may be provided with an alternative one-time credential (e.g., one-time password, or the like) in response to the user trying to take an action (e.g., to access the organization systems in order to access information). When the unauthorized user tries to utilize the alternative one-time credential, the organization may identify the user as unauthorized and determine how to respond to the unauthorized user. In addition to the alternative one-time credential, one or more additional alternate treatments may be presented to the unauthorized user in order to identify, track, and/or prevent access by the unauthorized user.

PRIORITY CLAIM AND CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a U.S. continuation patent application of,and claims priority under 35 U.S.C. § 120 to, co-pending U.S. patentapplication Ser. No. 15/995,831 filed on Jun. 1, 2018 and entitled“ALTERNATE USER COMMUNICATION ROUTING FOR A ONE-TIME CREDENTIAL,” theentire contents of both are incorporated herein by reference.

FIELD

The present invention relates generally to deterring unauthorized users,and more particularly, to identifying unauthorized users and providingalternate treatments to deter the unauthorized users from accessinginformation.

BACKGROUND

Organizations institute systems and procedures for handling unauthorizedusers and/or unauthorized access requests. These systems and proceduresare tailored to identifying potential unauthorized users and/orunauthorized requests. However, improved systems and procedures areneeded for identifying potential unauthorized users and/or unauthorizedrequests and also for responding to the unauthorized users to deter(e.g., prevent and/or reduce) future unauthorized requests.

SUMMARY

The following presents a simplified summary of one or more embodimentsof the present invention, in order to provide a basic understanding ofsuch embodiments. This summary is not an extensive overview of allcontemplated embodiments, and is intended to neither identify key orcritical elements of all embodiments nor delineate the scope of any orall embodiments. Its sole purpose is to present some concepts of one ormore embodiments of the present invention in a simplified form as aprelude to the more detailed description that is presented later.

Generally, systems, computer products, and methods are described hereinfor alternate user communication routing for a one-time credential. Forexample, when a user is determined to be an unauthorized user, theunauthorized user may be provided with an alternative one-timecredential (e.g., alternative one-time credential may include animitation one-time credential, or the like, such as an imitationone-time password, or the like) in response to the user trying to takean action (e.g., to access the organization systems in order to accessinformation). The alternative one-time credential may be embedded withmarkers that allow the organization to monitor the unauthorized userand/or any action requests made through the use of the alternativeone-time credential. For example, when the unauthorized user tries toutilize the alternative one-time credential, the organization mayidentify the user as unauthorized and determine how to respond to theunauthorized user. For the purposes of capturing further information,the organization may request a separate channel of communication be usedto transmit the alternative one-time credential, such as in a two factorauthentication process. The organization may request an alternate email,telephone number, or the like to transmit the alternative one-timecredential and may subsequently log the email address, telephone number,or the like in the unauthorized user's information for later referenceand identification purposes. It should be understood, that the use ofthe alternative one-time credential allows the organization to moreeasily identify unauthorized users (e.g., in future requests from theunauthorized users, or the like), track the actions of the unauthorizedusers (e.g., through markers in the alternative one-time credential, orthe like), and/or prevent unauthorized access by the unauthorized users(e.g., prevent the unauthorized user from access the requestedinformation, or the like). In addition to the alternative one-timecredential, one or more additional alternate treatments may be presentedto the unauthorized users in order to identify, track, and/or preventaccess by unauthorized users. The alternate treatments for unauthorizedusers discussed herein improve the security of the organizations systemsby providing alternate treatments to unauthorized users in a way thatrandomizes how unauthorized users are treated, which deters theunauthorized users from being able to identify how they will be treatedand develop responses for the alternate treatments.

Embodiments of the invention comprise systems, computer implementedmethods, and computer program products for providing an alternatetreatment for an interaction with unauthorized users. The inventioncomprises receiving a request from a user to access information, andreceiving an authentication credential from the user, wherein theauthentication credential is received from one or more user computersystem. The invention further comprises receiving a request for a onetime credential, wherein the request is received from the one or moreuser computer systems. The invention also comprises determining when theuser is an unauthorized user based on the authentication credential andtransmitting an alternative one time credential to the unauthorizeduser. The invention further comprises receiving the alternative one timecredential from the unauthorized user, providing an alternate treatmentto the unauthorized user, and capturing unauthorized user informationfrom the unauthorized user based on the alternative one time credentialor the alternate treatment.

In other embodiments, the invention further comprises requesting contactinformation from the unauthorized user to receive the alternative onetime credential, receiving the contact information from the unauthorizeduser, and sending the alternative one time credential based to theunauthorized user based on the contact information received from theunauthorized user.

In further accord with embodiments of the invention, the alternative onetime credential is transmitted to the one or more user computer systemsfrom which the authentication credential was received.

In still other embodiments of the invention, the alternative one timecredential is transmitted to the one or more user computer systems thatis different than the one or more user computer systems from which theauthentication credential was received.

In yet other embodiments, the invention further comprises determiningalternate treatments previously presented to the unauthorized user, andidentifying the alternate treatment to present to the unauthorized user,wherein the alternate treatment is different from the alternatetreatments previously presented to the unauthorized user.

In other embodiments of the invention, the alternative one-timecredential includes one or more markers. The invention further comprisesmonitoring actions of the unauthorized user based on the one or moremarkers associated with the alternative one-time credential, wherein theone or more markers allow identification of the one or more usercomputer systems or one or more other unauthorized users to which thealternative one time credential is transferred by the unauthorized user.

In further accord with embodiments of the invention, the alternatetreatment is providing alternative information to the user. Theinvention further comprises identifying the information requested by theunauthorized user, identifying alternative information to present to theunauthorized user that corresponds to the information requested, andproviding the alternative information to the unauthorized user as thealternate treatment.

In still other embodiments of the invention, the information is userinformation or user resource pool information, and wherein thealternative information is alternative user information or alternativeuser resource pool information.

In yet other embodiments of the invention, the alternative informationcomprises one or more markers. The invention further comprisesmonitoring actions of the unauthorized user based on the one or moremarkers associated with the alternative information, wherein the one ormore markers allow identification of the one or more user computersystems or one or more other unauthorized users to which the alternativeinformation is transferred by the unauthorized user.

In other embodiments of the invention, the alternate treatment comprisesproviding alternative information to the unauthorized user on the one ormore user computer systems. The invention further comprises identifyingan interface in which the unauthorized user is interested, identifyingan alternative interface to present to the unauthorized user, anddisplaying the alternative interface to the unauthorized user.

In further accord with embodiments of the invention, the alternatetreatment comprises extending a time for the interaction. The inventionfurther comprises providing an icon to the unauthorized user on the oneor more user computer systems indicating that the information is beingaccessed, and preventing the information from being provided to theunauthorized user on the one or more user computer systems for as longas the unauthorized user maintains the interaction.

In still other embodiments of the invention, the alternate treatmentcomprises extending a time for the interaction. The invention furthercomprises placing the unauthorized user on hold, and preventing theunauthorized user on hold from being transferred to a representative forso long as the unauthorized user maintains the interaction.

In yet other embodiments of the invention, the alternate treatmentcomprises indicating that the requested information is unavailable. Theinvention further comprises identifying the information in which theunauthorized user has requested, and providing an indication that theinformation is currently unavailable to the unauthorized user on the oneor more user computer systems.

In further accord with embodiments of the invention, the alternatetreatment comprises requesting contact information from the unauthorizeduser. The invention further comprises identifying the information inwhich the unauthorized user has requested, preventing the informationfrom being provided to the unauthorized user, and requesting the contactinformation from the unauthorized user in order to provide follow upcommunication with respect to the information.

In other embodiments of the invention, the alternate treatment comprisestransferring the unauthorized user to an alternate channel. Theinvention further comprises identifying a representative to which totransfer the unauthorized user, wherein the representative is trained torespond to unauthorized users, and transferring the unauthorized user tothe representative.

To the accomplishment the foregoing and the related ends, the one ormore embodiments comprise the features hereinafter described andparticularly pointed out in the claims. The following description andthe annexed drawings set forth certain illustrative features of the oneor more embodiments. These features are indicative, however, of but afew of the various ways in which the principles of various embodimentsmay be employed, and this description is intended to include all suchembodiments and their equivalents.

BRIEF DESCRIPTION OF THE DRAWINGS

Having thus described embodiments of the invention in general terms,reference will now be made to the accompanying drawings, and wherein:

FIG. 1 illustrates a block diagram of an alternate treatment systemenvironment, in accordance with one or more embodiments of theinvention.

FIG. 2 illustrates a high level process flow for an alternate treatmentfor routing for unauthorized users, in accordance with one or moreembodiments of the invention.

FIG. 3 illustrates a process flow for an alternate user communicationrouting for a one-time credential for unauthorized users, in accordancewith one or more embodiments of the invention.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

Embodiments of the invention will now be described more fullyhereinafter with reference to the accompanying drawings, in which some,but not all, embodiments of the invention are shown. Indeed, theinvention may be embodied in many different forms and should not beconstrued as limited to the embodiments set forth herein; rather, theseembodiments are provided so that this disclosure will satisfy applicablelegal requirements. In the following description, for purposes ofexplanation, numerous specific details are set forth in order to providea thorough understanding of one or more embodiments. It may be evident;however, that such embodiment(s) may be practiced without these specificdetails. Like numbers refer to like elements throughout.

Systems, methods, and computer program products are herein disclosed foralternate user communication routing for a one-time credential. Forexample, when a user is determined to be an unauthorized user, theunauthorized user may be provided with an alternative one-timecredential (e.g., one-time password, or the like) in response to theuser trying to take an action (e.g., to access the organization systemsin order to access information). The alternative one-time credential maybe embedded with markers that allow the organization to monitor theunauthorized user and/or any action requests made through the use of thealternative one-time credential. For example, when the unauthorized usertries to utilize the alternative one-time credential, the organizationmay identify the user as unauthorized and determine how to respond tothe unauthorized user. For the purposes of capturing furtherinformation, the organization may request a separate channel ofcommunication be used to transmit the alternative one-time credential,such as in a two factor authentication process. The organization mayrequest an alternate email, telephone number, or the like to transmitthe alternative one-time credential and may subsequently log the emailaddress, telephone number, or the like in the unauthorized user'sinformation for later reference and identification purposes. It shouldbe understood, that the use of the alternative one-time credentialallows the organization to more easily identify unauthorized users(e.g., in future requests from the unauthorized users, or the like),track the actions of the unauthorized users (e.g., through markers inthe alternative one-time credential, or the like), and/or preventunauthorized access by the unauthorized users (e.g., prevent theunauthorized user from access the requested information, or the like).In addition to the alternative one-time credential, one or moreadditional alternate treatments may be presented to the unauthorizedusers in order to identify, track, and/or prevent access by unauthorizedusers. The alternate treatments for unauthorized users discussed hereinimprove the security of the organizations systems by providing alternatetreatments to unauthorized users in a way that randomizes howunauthorized users are treated, which deters the unauthorized users frombeing able it identify how they will be treated and develop responsesfor the alternate treatments.

FIG. 1 illustrates an alternate treatment system environment 1, inaccordance with embodiments of the invention. As illustrated in FIG. 1,one or more organization systems 10 are operatively coupled, via anetwork 2, to one or more user computer systems 20 (e.g., authorizeduser systems and/or unauthorized user systems), one or more third-partysystems 30, and/or one or more other systems (not illustrated). In thisway, the organization systems 10 may receive communications, includingauthentication credentials, or the like, from a user 4 (e.g., one ormore associates, employees, agents, contractors, sub-contractors,third-party representatives, customers, or the like), which may be anauthorized user or an unauthorized user, and thereafter, utilize thesystems and processes described herein to identify unauthorized users,capture additional information for unauthorized users, and/or preventfuture actions by unauthorized users. As such, the one or moreorganization systems 10 may be utilized to identify unauthorized usersand take actions in order to capture unauthorized user information fromthe unauthorized users through communication with the user computersystems 20, the third party systems 30, and/or the other systems, aswill be discussed in further detail herein. As such, embodiments of thepresent invention allow for improved security through improvedidentification and monitoring of unauthorized users.

The network 2 illustrated in FIG. 1 may be a global area network (GAN),such as the Internet, a wide area network (WAN), a local area network(LAN), or any other type of network or combination of networks. Thenetwork 2 may provide for wireline, wireless, or a combination ofwireline and wireless communication between systems, services,components, and/or devices on the network 2.

As illustrated in FIG. 1, the one or more organization systems 10generally comprise one or more communication components 12, one or moreprocessor components 14, and one or more memory components 16. The oneor more processor components 14 are operatively coupled to the one ormore communication components 12 and the one or more memory components16. As used herein, the term “processor” generally includes circuitryused for implementing the communication and/or logic functions of aparticular system. For example, a processor component 14 may include adigital signal processor, a microprocessor, and variousanalog-to-digital converters, digital-to-analog converters, and othersupport circuits and/or combinations of the foregoing. Control andsignal processing functions of the system are allocated between theseprocessor components according to their respective capabilities. The oneor more processor components 14 may include functionality to operate oneor more software programs based on computer-readable instructions 18thereof, which may be stored in the one or more memory components 16.

The one or more processor components 14 use the one or morecommunication components 12 to communicate with the network 2 and othercomponents on the network 2, such as, but not limited to, the one ormore user computer systems 20, the one or more third-party systems 30,and/or one or more other systems. As such, the one or more communicationcomponents 12 generally comprise a wireless transceiver, modem, server,electrical connection, electrical circuit, or other component forcommunicating with other components on the network 2. The one or morecommunication components 12 may further include an interface thataccepts one or more network interface cards, ports for connection ofnetwork components, Universal Serial Bus (USB) connectors and the like.

As further illustrated in FIG. 1, the one or more organization systems10 comprise computer-readable instructions 18 stored in the one or morememory components 16, which in one embodiment includes thecomputer-readable instructions 18 of organization applications 17 (e.g.,web-based applications, dedicated applications, specializedapplications, or the like that are used to monitor, communicate with,and/or take actions with respect to the authorized users and/orunauthorized users). In some embodiments, the one or more memorycomponents 16 include one or more data stores 19 for storing datarelated to the one or more organization systems 10, including, but notlimited to, data created, accessed, and/or used by the one or moreorganization applications 17. The one or more organization applications17 may be applications that are specifically used for providing servicesto authorized users, for monitoring, communicating with, and/orcapturing information from unauthorized users, and/or the like (e.g., byinteracting with the user computer systems 20 and user applications 27,the third party systems 30 and third party applications 37, or othersystems).

As illustrated in FIG. 1, users 4 may try to access the organizationsystems 10 in order to access information from the organization systems(e.g., organization information, user information, resource poolinformation, or the like). In some embodiments the users 4 may beauthorized users, such as users that are supposed to have access to theorganization systems and/or associated applications, alternatively, theusers may be unauthorized users, such as users that are trying tomisappropriate information from authorized users, the organization,and/or third-parties, or the like. The users 4 may utilize the usercomputer systems 20 (e.g., authorized user computer systems orunauthorized user computer systems) to communicate with and/or accessinformation from the organization systems 10. As such, it should beunderstood that the one or more user computer systems 20 may be any typeof device, such as a desktop, mobile device (e.g., laptop, smartphonedevice, PDA, tablet, watch, wearable device, or other mobile device),server, or any other type of system hardware that generally comprisesone or more communication components 22, one or more processorcomponents 24, and one or more memory components 26, and/or the userapplications 27 used by any of the foregoing, such as web browsersapplications, dedicated applications, specialized applications, orportions thereof.

The one or more processor components 24 are operatively coupled to theone or more communication components 22, and the one or more memorycomponents 26. The one or more processor components 24 use the one ormore communication components 22 to communicate with the network 2 andother components on the network 2, such as, but not limited to, the oneor more organization systems 10, the one or more third-party systems 30,and/or the one or more other systems. As such, the one or morecommunication components 22 generally comprise a wireless transceiver,modem, server, electrical connection, or other component forcommunicating with other components on the network 2. The one or morecommunication components 22 may further include an interface thataccepts one or more network interface cards, ports for connection ofnetwork components, Universal Serial Bus (USB) connectors and the like.Moreover, the one or more communication components 22 may include akeypad, keyboard, touch-screen, touchpad, microphone, speaker, mouse,joystick, other pointer, button, soft key, and/or other input/output(s)for communicating with the users 4.

As illustrated in FIG. 1, the one or more user computer systems 20 mayhave computer-readable instructions 28 stored in the one or more memorycomponents 26, which in one embodiment includes the computer-readableinstructions 28 for user applications 27, such as dedicated applications(e.g., apps, applet, or the like), portions of dedicated applications, aweb browser or other applications that allow the one or more usercomputer systems 20 to operate, that allow users 4 to access and/or takevarious actions with respect to the one or more organizations systems 10through the use of the one or more user computer systems 20, or thelike.

As illustrated in FIG. 1, the one or more third-party systems 30 maycommunicate with the one or more organization systems 10 and/or the oneor more user computer systems 20 directly or indirectly. The one or morethird party systems 30, and/or third-party applications 37 thereof, mayprovide additional information to the one or more organization systems10. As such, the one or more third-party systems 30 are operativelycoupled, via a network 2, to the one or more organization systems 10,the one or more user computer systems 20, and/or the one or more othersystems. The one or more third-party systems 30 generally comprise oneor more communication components 32, one or more processor components34, and one or more memory components 36.

The one or more processor components 34 are operatively coupled to theone or more communication components 32, and the one or more memorycomponents 36. The one or more processor components 34 use the one ormore communication components 32 to communicate with the network 2 andother components on the network 2, such as, but not limited to, the oneor more organization systems 10, the one or more user computer systems20, and/or the one or more other systems. As such, the one or morecommunication components 32 generally comprise a wireless transceiver,modem, server, electrical connection, or other component forcommunicating with other components on the network 2. The one or morecommunication components 32 may further include an interface thataccepts one or more network interface cards, ports for connection ofnetwork components, Universal Serial Bus (USB) connectors and the like.

As illustrated in FIG. 1, the one or more third-party systems 30 mayhave computer-readable instructions 38 stored in the one or more memorycomponents 36, which in some embodiments includes the computer-readableinstructions 38 of one or more third party applications 37 that provideuser information (e.g., authorized user information and/or unauthorizeduser information) to the one or more organization systems 10. The accessto the one or more third-party systems 30, or applications thereof, maybe controlled by the one or more organization systems 10 and/or one ormore user computer systems 20, as will be described herein.

Moreover, as illustrated in FIG. 1, the one or more other systems (notillustrated) may be operatively coupled to the one or more organizationsystems 10, the one or more user computer systems 20, and/or the one ormore third-party systems 30, through the network 2. The other systemshave features that are the same as or similar to the features describedwith respect to the one or more organization systems 10, the one or moreuser computer systems 20, and/or the one or more third-party systems 30(e.g., one or more communication components, one or more processorcomponents, and one or more memory components with computer-readableinstructions of one or more applications, one or more datastores, or thelike). Thus, the one or more other systems communicate with the one ormore organization systems 10, the one or more user computer systems 20,the one or more third-party systems 30, and/or each other in same orsimilar way as previously described with respect to the one or moreorganization systems 10, the one or more user computer systems 20,and/or the one or more third-party systems 30.

FIG. 2 illustrates a high level process flow for an alternate treatmentfor routing for unauthorized users (e.g., identifying potentialunauthorized users and/or providing alternate user treatment routings),in accordance with embodiments of the present invention. Block 110 ofFIG. 2 illustrates that the one or more organization systems 10 receivea communication from a user. The communication may includeauthentication credentials and/or a requested action from the user. Itshould be understood that the one or more authentication credentials maybe any type of authentication credential and/or combination ofauthentication credentials. For example, in some embodiments, the one ormore authentication credentials may include a user identification (e.g.,user name, string of characters—numbers, alphabetic and/or symbols,e-mail address, phone number, or the like) and/or a password, computersystem identification (e.g., mobile device identifier, laptop deviceidentifier, or the like), biometric identification (e.g., fingerprint,eye scan, facial recognition, or the like), security questions, or thelike. Moreover, the requested action may be a request to accessinformation from the organization (e.g., confidential information of theorganization, user information, and/or resource information, or thelike). For example, the confidential information of the organization maybe customer information, organization operational information,organization resource information, or the like. In other examples, theuser information may be personal information of a particular user, suchas a customer, employee, representative, or the like (e.g., userinformation, such as legal name, SSNs, addresses, phone numbers, or thelike), while the user resource information may include resource poolinformation for the resource pools of the user (e.g., resource poolnumbers, resource pool balances, resource pool interactions, such astransactions for products—goods and/or services, transfers, withdrawals,deposits, related resource pools and associated resource poolinformation from within the organization or with third-parties linktogether, or the like). It should be understood that as discussedherein, when an authorized user and/or a unauthorized user takes anaction or initiates any form of communication, it may be performed bythe authorized user and/or unauthorized user, or it may be performed bythe authorized user computer system 20 and/or unauthorized user computersystem 20, and/or other third-party system 30 for the authorized userand/or the unauthorized user.

Block 120 of FIG. 2 illustrates that user information and/or usercomputer system information is captured from the user. This informationcan be used by the organization systems 10 to determine the identity ofthe user entering into the communication, making an action request,and/or taking the action and may be compared to data in the datastore 19in order to determine if the user 4 or user computer system 20 haspreviously communicated with and/or made an action request from theorganization systems 10. For example, the one or more organizationsystems 10 may utilize user information, computer system information, orthe like that is captured from the user 4 and/or user computer systems20 from the communication from the user 4 in order to determine theidentity of the user 4 entering into the communication. The identity ofthe user 4 entering into the communication may be associated with otherinformation stored by the organization systems 10, such as otherauthentication credentials, previous actions of the user, one-timecredentials previously presented to the user, resource pool information,user information, and the like. In addition, the organization systems 10may communicate the captured information to third party systems 30 forfurther data sharing and identification capabilities (e.g., sharecaptured information with third-parties in order to determine if theuser has been identified by another organization). In some embodiments,there may be a channel of communication established over network 2between one or more third-party systems 30 and/or organization systems10 to share information and enhance the ability of both systems toidentify the users and/or user computer systems 20 based on the capturedinformation.

FIG. 2 illustrates in block 130 that the one or more organizationsystems 10 may determine if the user is an unauthorized user bycomparing the user information and/or user computer system informationcaptured from the user 4 with stored information about unauthorizedusers. In some examples, the one or more organization systems 10 mayaccess information regarding unauthorized users (e.g., a databases ofunauthorized users and associated numbers, addresses, e-mail accounts,IP addresses, computer system identifications, Wifi identifiers, orother like information stored that may be related to identifiedunauthorized users). In other examples, patterns may be stored forunauthorized users that illustrate user actions over time that mayindicate that the user 4 in the present communication may potentially bean unauthorized user. For example, if the same system (e.g., based on IPaddress, phone number, or other system identifier) tries to accessmultiple accounts of different users within a time period (e.g., accessthree different user resource pools within 15 minutes, or the like) thesystem may be identified as an unauthorized user computer system. Itshould be understood, the determination of the whether or not the user 4and/or user computer system 20 is an authorized user and/or unauthorizeduser computer system may be based on the rules determined by eachorganization. For example, each organization may determine what userinformation, computer system information, and/or patterns of each user 4may identify the user 4 as potentially an unauthorized user.

In some embodiments, a user 4 may have an established history ofcommunicating over a particular channel (e.g., telephone, chat, e-mail,Internet phone, website, online portal, or the like) and/or with thirdparty systems 30 that may indicate a pattern of unauthorized activity,and the third party systems 30 may share this information over network 2with the organization systems 10. In some embodiments, the third partysystems 30 may be other organizations that are in the same business orindustry as the organization, and thus, may share information in orderto identify unauthorized users. In other embodiments, third partysystems 30 may represent a specialized organizations, such as aninvestigative agency that has identified unauthorized user activityassociated with specific user information, user computer information,and/or user behavior patterns. The data associated with specific userinformation, user computer information, and user behavior patterns mayexist solely with the organization systems 20 or third party systems 30,and/or may be exist with both parties. In some instances accessing userinformation from third parties may require the organization systems 10to initiate a request for third party verification or correlation ofcaptured user information over the network 2.

Block 140 of FIG. 2 illustrates that in response to determining that theuser 4 involved in the communication is, or is potentially, anunauthorized user, the one or more organization systems 10 may providean alternate treatment (e.g., randomized treatment, or the like) to theunauthorized user. For example, the alternate treatment may be differentthan what treatment would be provided to an authorized user, or whattreatment may be typically provided to an unauthorized user (e.g.,ending the communication with the unauthorized user). In someembodiments, the alternate treatment provided by the organizationsystems 10 may be randomized from a group of possible alternatetreatments. In this way, the unauthorized user is prevented frompreparing for or anticipating the alternate treatment. It should beunderstood that the alternate treatment may be based on thecommunication channel through which the unauthorized user is enteringinto the communication (e.g., call—Internet or telephone call, Internetchat, request made through a portal provided over the Internet, or thelike); the request the unauthorized user is making (e.g., request toaccess confidential information, request to change a password, requestto change contact information, request to enter into an interaction—froma specific resource pool, for a resource amount, to an associatedresource pool, or the like); the identity of the user (e.g., if theunauthorized user can be identified as a specific repeat unauthorizeduser to which alternate treatments have been previously provided); orthe like.

In some embodiments, the alternate treatment presented to anunauthorized user may be further based on a determination of what one ormore alternate treatments were previously presented to the unauthorizeduser. For example, if the last time the unauthorized user communicatedover a telephone call, the unauthorized user was placed on hold for anextended period of time (e.g., 2, 3, 4, 5, 10, or the like times thenormal wait time), the next time the unauthorized user is identified,the unauthorized user may be transferred to one or more differentrepresentatives (e.g., to extend the communication time of theunauthorized user), while the next time the unauthorized user isidentified, an indication may be provided to the unauthorized user thatparticular features related to the unauthorized user's action requestare not currently available. As such, the alternate treatments presentedto the unauthorized user may morph based on the action requests of theunauthorized user and the alternate treatments previously presented tothe unauthorized user.

It should be understood that in the situations where a representative ofthe organization is communicating with the unauthorized user, therepresentative may or may not know that the unauthorized user has beenidentified as unauthorized (e.g., potentially unauthorized or confirmedas unauthorized). In some instances it may be beneficial for therepresentative to be unaware that the unauthorized user is unauthorizedbecause the representative may be unfamiliar with handling unauthorizedusers. As such, in some embodiments, the one or more organizationsystems 10 may provide recommended alternate treatments (e.g.,escalation to a particular group of representatives that handlepotential misappropriation, extension of the communication, recommendedinquires to ask the unauthorized user, or the like) without indicatingto the representative the reason for the recommended alternatetreatment. In other embodiments, the representative may be aware thatthe unauthorized user has been identified as unauthorized. In someembodiments, if the representative is aware that the unauthorized useris unauthorized then the representative may be able to apply specificalternate treatments based on the communication with the unauthorizeduser.

Block 150 of FIG. 2 further illustrates that the one or moreorganization systems 10 capture information from the unauthorized userbased on the unauthorized user's responses to the alternate treatment.As will be discussed above, and in further detail below, the alternatetreatment may be implemented not only to prevent the unauthorized userfrom realizing that the unauthorized user has been detected, but also tomonitor the unauthorized user in order to capture information from theunauthorized user that may help to identify other unauthorized usersand/or deter (e.g., reduce or prevent) further unauthorized access. Forexample, the one or more organization system 10 may be able to captureother personal information from the unauthorized user, may be able todetermine how the unauthorized user operates based on alternativeinformation, and/or may be able to determine other resource pools and/orother unauthorized users that the unauthorized user communicates withand/or transacts with.

As will be described in further detail herein, the one or moreorganization systems 10 gain advantages from randomizing the alternatetreatments provided to the unauthorized users. For instance, if theorganization systems 10 provides randomized alternate treatments, theunauthorized users are not able to decipher a specific set of treatmentsto routinely expect from the organization systems 10. As such, theunauthorized users are not able to discern whether or not they have beendetected as unauthorized based on the treatment pattern alone.Additionally, the unauthorized users may not have the informationrequired by every specific alternate treatment possibility, andtherefore, the task of additional verification for suspectedunauthorized users includes an additional level of complexity.Furthermore, the organization system 10 may gain a better understandingof the authorized user by observing genuine reactions from theunauthorized users which are prompted by the randomized alternatetreatments. For instance, the unauthorized user may have a scripted orrecorded response to a certain treatment for which they expect to beprovided from the system at a certain point in the authorizationprocess. By randomizing the alternate treatments provided to suspectedor confirmed unauthorized users, the system may place the user in asituation where they must revert to producing an original response. Thisallows for additional data points to be collected by the organizationsystem 10 in order to analyze the behavior and activity patterns ofspecific unauthorized users. These additional data points allow theorganization system to categorize the unauthorized user in more detailand later identify the unauthorized user with a higher degree ofconfidence.

Types of potential alternate treatments for unauthorized users aredescribed in further detail below; however, it should be understood thatthe potential alternate treatments discussed below are not an exhaustivelist of potential alternate treatments.

In some examples, the unauthorized user may enter into a communicationthrough a call (e.g., telephone call, Internet call, or the like),prompting the one or more organization systems 10 to provide analternate treatment of placing the unauthorized user on hold for anextended period of time (e.g., 2, 3, 4, 5, 6, 7, 8, 9, 10, times thenormal hold time for an authorized user). The increased hold time mayallow the one or more organization systems 10 to gather more informationabout the user, or may deter the user from continuing an attempt atunauthorized access. The length of the hold time may be varied by thesystems 10 in order to give the appearance that the hold times arenaturally based on a high volume of communications with respect to alimited amount of available resources. At some time before or during thehold period, the one or more organization systems 10 might also requestadditional contact information for the unauthorized user and suggest tocontact the user at the end of the hold period for the convenience ofthe unauthorized user. In this instance, the offer to contact theunauthorized user in the future is made with the objective in mind ofobtaining more usable information about the identified unauthorized user(e.g., additional contact information, such as additional phone numbers,e-mail addresses, or the like).

In other examples, the alternate treatment that is presented to theunauthorized user may be an indication that the organization has toinvestigate the request of the unauthorized user, or that theorganization has completed the request from the unauthorized user, andas such the organization systems 10 may provide a request identifier(e.g., ticket number, request number, or the like) to the unauthorizeduser for future reference. The request identifier may be a specificnumber that the organization systems 10 recognize as being associatedwith an unauthorized user. For example, should the unauthorized userutilize the request identifier in the future in order to check on thestatus of an action request made by the unauthorized user and/or use therequest identifier in order to repeat a previous action request then theorganization systems 10 can automatically identify the user as anunauthorized user based on the request identifier provided by theunauthorized user.

As another example, after determining that an unauthorized user has madean action request to access particular information, the organization mayprovide alternative information (e.g., alternative information mayinclude imitation information, randomly generated information,adversarial information, or the like, such as fake information that hasno actual meaning). For example, if an unauthorized user is requestinginformation related to a resource pool, the one or more organizationsystems 10 may provide alternative resource pool information (e.g.,imitation resource pool information, such as imitation balances,merchant interactions, or the like) to the identified unauthorized users(e.g., provide reduced balances, or the like). For example, by providinga reduced resource pool balance than what is actually in the resourcepool, it may prevent an unauthorized user from trying to misappropriatethe resources from the resource pool (e.g., indicate that the resourcepool only has a balance of $15, and thus, not worth the time for anunauthorized user to try to access). In some embodiments, after anunauthorized user is identified a pattern may also be identified for theunauthorized user. The pattern may indicate that the unauthorized userdoes may take actions within resource pools that have balances below athreshold value. As such, the random treatment may be to provide analternative resource pool balance below the threshold value.

In other examples, the one or more organization systems 10 may provideother alternative information to an unauthorized user, such asalternative user information (e.g., alternative user name, or the like,such as imitation name, imitation information and/or randomly generatedname or information, or the like), other alternative resource poolinformation (e.g., alternative linked accounts, or the like, such asimitation linked accounts), alternative interaction information (e.g.,alternative transactions, or the like, such as imitation transactions),or the like in order to allow the one or more organization systems 10 totrack and/or monitor the unauthorized user. For example, an alternativeresource pool interface may be provided that allows the unauthorizeduser to take actions within the alternative resource pool interface thatthe unauthorized user believes is real in order to capture otherunauthorized users (e.g., names, or the like), other contact information(e.g., e-mail addresses, phone numbers, or the like), and/or otherresource pool information (e.g., resource pool numbers, locations, orthe like) with which the unauthorized user is trying to interact. Forexample, the unauthorized user may be trying to transfer alternativeresources (e.g., imitation resources, such as fake resources) from thealternative resource pool to an actual resource pool of the unauthorizeduser. In this way, the unauthorized user is given the impression thatthey have not been detected, allowing the one or more organizationsystems 10 to monitor the behavior of the unauthorized users for alonger period of time.

In some embodiments, the alternate treatment may be indicating to theunauthorized user that one or more particular features associated withan action request from the unauthorized user is disabled. In this way,the organization systems may present some of the information (e.g.,actual information and/or alternative information) in which theunauthorized user is interested, but not provide the complete set ofinformation. As such, the information provided to the unauthorized useris not useful to the unauthorized user, but may extend the communicationwith the unauthorized user, and/or may allow the organization to provideadditional alternate treatments. For example, in response to indicatingthat some features are not available the organization may requestadditional contact information to follow-up with the unauthorized user,may provide a request identifier to track the unauthorized user, mayprovide alternative information to the user, or the like.

In some embodiments, the alternate treatment may include the systems 10providing alternative authentication credentials (e.g., incorrectsecurity questions and/or answers, incorrect passwords or user names, orthe like) to the unauthorized user. As such, when such alternativeauthentication credentials is utilized in the future then theunauthorized user may be identified. For example, should theunauthorized user request access the user information, the organizationsystem 10 may present the user with an alternative address, alternativephone number, alternative user identification or the like (e.g.,imitation address, imitation phone number, imitation useridentification, or the like). As such, should the one or moreorganization systems 10 receive the alternative address, the alternativephone number, the alternative user identification, or the like, orcombinations thereof in the future associated with a request from auser, then the one or more organization systems 10 may be able toidentify the user as an unauthorized user. In other examples, should theunauthorized user try to access a user's security questions, theorganization may provide alternative security answers to theunauthorized user (e.g., imitation security questions, or the like). Assuch, when the unauthorized user tries to access information from theorganization in the future using the alternative security answers, thenthe organization systems are able to identify the user as unauthorizedand present additional alternate treatments to the unauthorized userand/or capture additional information about the unauthorized user.

As another example alternate treatment, in the instance where theunauthorized user is entering into a communication through a chat overthe Internet, the alternate treatment may be the same or similar to thealternate treatment for a telephone call. As such, the alternatetreatment may include placing the unauthorized user on hold or anextended period of time, requesting additional contact information,providing alternative resource pool information, providing alternativeauthentication credentials, providing a request identifier, or otherlike treatment in order to monitor and capture information from theunauthorized user.

In the instance where the unauthorized user is entering into acommunication to access information over the Internet or on a call(e.g., access resource pool information, or the like), the alternatetreatment may be extending the time for which a response to the requestis instituted (e.g., provide an icon, such as a buffering icon, an errormessage, or the like), delaying the time for the response in order toidentify and/or create an alternative interface to display to theunauthorized user (e.g., alternative interface may include an imitationinterface, randomly generally interface, adversarial interface, whichmay include alternative information, such as imitation information, orthe like). For instance, the one or more organization systems 10 mayidentify a specific user computer that is known to be associated withunauthorized access. As such, in the event that an unauthorized user isattempting to enter into a communication to access a resource poolthrough an online portal, website, computer program or the like, the oneor more organization systems 10 have ample opportunities to stallcommunication while creating the appearance of naturally occurringcommunication issues (e.g., buffering, Internet connectivity, or thelike). For instance, the response time from the one or more organizationsystems 10 through an online portal may be reduced to create theappearance of a bad internet connection, overloaded server volume, orbrowser compatibility issue. In some embodiments, the one or moreorganization systems 10 may request that the identified unauthorizeduser attempt to access the online portal using a different Wifi or dataconnection, and/or different user computer system (e.g., hardware orapplications—indicate that the mobile device and/or application do notmeet system requirements). Should the unauthorized user utilize adifferent computer system or connection means, the organization systemis able to capture additional information about the unauthorized user.For instance, an unauthorized user may have inadvertently enabledlocation services for a specific device or application, which thesefeatures were disabled in the unauthorized user's primary device orapplication used to make the initial communication. In other examples,the location of the unauthorized user may be determined if they arerequired to communication through a particular Wifi connection. In theseexamples, the alternate treatment increases the likelihood that thesystems 10 is able to gather useful information about the unauthorizeduser and also deters the attempt at unauthorized access while avoidingthe appearance that the unauthorized user has been detected.

As other examples of random treatments, in the instance where theunauthorized user is entering into any form of communication with theone or more organization systems 10, the unauthorized user may beprovided with an alternative one-time credential (e.g., one-timepassword, or the like) to access the system. The alternative one-timecredential may be embedded with markers that allow the organizationsystems 10 to monitor the unauthorized user and/or any action requestsmade through the use of the alternative one-time credential. Forexample, when the unauthorized user tries to utilize the alternativeone-time credential, the organization systems 10 may identify the useras unauthorized and determine how to respond. For the purposes ofcapturing further information, the one or more organization systems 10may request a separate channel of communication be used to transmit thealternative one-time credential, such as in a two factor authenticationprocess. The organization system 10 may request an alternate email,telephone number, or the like to transmit the alternative one-timecredential and may subsequently log the email address, telephone numberand the like within the unauthorized user's information for laterreference and identification purposes.

In some embodiments, the alternative one-time credential may trigger analert on the backend of the one or more organization systems 10 to alertthe representative that they are communicating with an unauthorizeduser. In other embodiments, the triggered alert may not be displayed tothe representative communicating with the unauthorized user in order toavoid a change in the particular representative's behavior. In otherembodiments, the use of the alternative one-time credential may escalatethe communication within the system such that the communication isre-routed to another representative trained to interact withunauthorized users.

In other examples, when the unauthorized user is entering into acommunication over a call or Internet chat, the alternate treatment mayinclude the one or more organization systems 10 requesting that theunauthorized user call back using a different telephone number,communicate using a different user computer system 10 or application, orthe like. The systems 10 may defer to a number of reasons to justifythis request, including a “poor connection,” low audio quality, issueshearing the user, a policy restriction on communicating via a particularchannel (e.g., a blocked phone number, private phone number, or thelike). In this way, this alternate treatment increases the likelihoodthat the user will provide additional information that the systems 10may retain for the user's information for later reference andidentification purposes.

In some embodiments, the one or more organization systems 10 may requestthat the unauthorized user provide additional information related to theuser information in order to proceed. For example, the organizationsystems 10 may request a specific piece of information that theunauthorized user already knows in order to create a false sense ofconfidence in the unauthorized user that they have bypassed anadditional level of security. In some instances, the organizationsystems 10 may vary the request for additional information such that theunauthorized user is required to make several access attempts beforethey are allowed to succeed. This manufactured trial and error situationvia alternate treatment increases the likelihood that the unauthorizeduser genuinely believes they have bypassed the system securityundetected, when in reality the one or more organization systems 10 areaware that the user is unauthorized and instead using the increasedcommunication to gather more potentially useful information about theunauthorized user.

As discussed herein, it should be understood that markers may beutilized along with information presented to the unauthorized user(e.g., the alternative information, the request identifiers, thealternative one-time credential, or the like). For example, should theunauthorized user request user information, security information,resource pool information, or the like, the one or more organizationsystems 10 may provide alternative user information, alternativesecurity information, alternative resource pool information, or the likealong with embedded markers that allow the organization systems 10 totrack where such alternative information is sent and/or used.

It should be understood that all of the potential alternate treatmentshave not been discussed, and the alternate treatments may change overtime for the same unauthorized user and/or based on the type of actionrequest made by the unauthorized user. In addition, the alternatetreatment for a user may change if multiple unauthorized users or usercomputers are recognized by the one or more organization systems 10 asbeing associated. For instance, the one or more organization systems 10would avoid providing the same alternate treatment to two unauthorizedusers that may be related (e.g., of the same group). However, therecognition that two users are operating as a group may also prompt theone or more organization systems 10 to include some level of consistencyin the alternate treatments to each of the users to provide a falsesense that the unauthorized users have successfully misappropriatedinformation from the one or more organization systems 10. As an example,two unauthorized users operating in a group may both attempt to accessthe same resource pool information. In this situation, it would be idealfor the organization systems 10 to display the same credentials,resource pool amounts, alternative information, or the like (e.g., evenif the information is fake) in order to avoid indicating to the usersthat the organization systems 10 are displaying different credentials,resource pool amounts, or the like.

In order to prevent the unauthorized user from realizing that theunauthorized user has been identified as unauthorized, the alternatetreatments may allow some of the unauthorized user's requests in orderto capture more information about the unauthorized user. For example, inorder to capture more information from the unauthorized user, such asthe other unauthorized users and/or the resource pools that theunauthorized user may utilize, the organization systems 10 may allowparticular action requests. The allowed action requests may includeproviding the alternative information described herein, but in someembodiments the allowed action requests may include allowing some of theunauthorized user requests. For example, the organization may allow thetransfer of some information or set up pending resource transfers if theunauthorized user is making transfers within the databases of theorganization (e.g., resource transfers between resource pools within theorganization, or the like). As such, the organization systems 10 mayallow the unauthorized user to access non-confidential informationand/or illustrate that the unauthorized user may be successful (e.g.,providing confirmation notifications that make it appear that the userrequest has occurred) in order to capture additional information fromthe unauthorized user or the unauthorized user's associates.

In some embodiments, the one or more organization systems may provide anotification (e.g., on an interface provided to the unauthorized userover the Internet, over a call with a representative, or the like),indicating that the unauthorized user's request was allowed. However, inthe future, the organization systems 10 may provide follow-upcommunication with the unauthorized user indicating that the request didnot occur because of a particular reason (e.g., unavailable resources,application errors, or other like notifications that the request did notprocess for a specific reason). The follow-up notification may include arequest for the unauthorized user to contact the organization, orrepresentative thereof, and in response additional information may becaptured from the unauthorized user. For example, the one or moreorganization systems 10 may be able to capture additional contactinformation (e.g., phone number, computer IP address, e-mail, or thelike), that the unauthorized user may be using in order to follow upwith the organization.

Generally, it should be understood that the organization will providerandom alternate treatments for handling an unauthorized user. In someembodiments, the organization would create random responses to theunauthorized user such that the unauthorized user does not know thathe/she has been identified as an unauthorized user, and/or is unable todetermine how he/she is going to be treated by the organization. Assuch, if the unauthorized user is unaware of whether or not theorganization has identified the unauthorized user as unauthorized, andthe unauthorized user is unable to predict how the organization withhandle the unauthorized user for specific requests, then theunauthorized user is less likely to develop and implement responses tomisappropriate information from the organization or its authorizedusers. It should be further understood that it may be beneficial toprevent the unauthorized user from knowing that he/she has beenidentified as unauthorized because should the unauthorized user realizethat the unauthorized user has been identified as unauthorized, then theunauthorized may be just end the communication (e.g., call or otheraction occurring through a portal, or the like) with the organizationand create a new communication with the organization through a differentchannel (e.g., move from phone interaction to Internet interaction, orthe like) or a different contact through the same channel (e.g., newphone, new computer system, new IP address, or the like).

FIG. 3 illustrates a process flow for an alternate user communicationrouting for a one-time credential for unauthorized users, in accordancewith one or more embodiments of the invention. As illustrated by block210 in FIG. 3, a request for information is received from a user, andsuch request includes authentication credentials of the user and/or auser computer system 20. It should be understood that when discussingthe user 4 herein, such reference may indicate the user or the usercomputer system 20 associated with the user (e.g., receive a requestfrom a user may include receiving the request from the user computersystem 20). Additionally, with respect to the user's actions, the user'sactions may be replaced by the actions of a system that is performingsomething on behalf of the user or user computer system 20 (e.g.,third-party systems 30 and/or other systems may take an action on behalfof the user or organization system). Moreover, it should be understoodthat the one or more authentication credentials may be any type ofauthentication credential and/or combination of authenticationcredentials. For example, in some embodiments the one or moreauthentication credentials may include a user identification (e.g., username, string of characters—numbers, alphabetic and/or symbols, e-mailaddress, phone number, or the like) and/or a password, computer systemidentification (e.g., mobile device identifier, laptop deviceidentifier, or the like), biometric identification (e.g., fingerprint,eye scan, facial recognition, or the like), security questions, or thelike, and/or a combination thereof.

It should be further understood that as described herein, theinformation being accessed using the one or more authenticationcredentials from the user 4 may relate to any type of secure data, suchas but not limited to technological data, client data, customer data,personal data, or the like. In some embodiments the secure data myinclude resource pool data of the user (e.g., financial account data ofthe user). As such, the user 4 may be accessing the user's own resourcepools to take an action (e.g., review, transfer, assign, or the like)with respect to the user's resources within the user's resource pool(e.g., user's funds). In other examples, the information being accessedis a request to access user information, such as user passwords, userpreferences, or the like (e.g., a request for a password reset, or thelike). Moreover, it should be understood that the request to accessinformation may include a request to change some of the information(e.g., change user contact, user password, or the like). It should alsobe understood that the request for accessing the information may comefrom a user 4 that is an authorized user or an unauthorized user. Assuch, the user 4 may be an authorized user or the user 4 may be anunauthorized user using the one or more authentication credentials, aswill be described herein.

Block 220 of FIG. 3 illustrates that a request is received by the one ormore organization systems 10 for a one-time credential (e.g., one timepassword, or other one-time identification). It should be understood, asdescribed above, that the one-time credential may be utilized to changea user password, verify an action (e.g., verify a transfer of resources,or the like), or access other information (e.g., user information, orthe like as described herein), or take any other action. It should beunderstood that the one-time credential may be sent to the user throughthe same or a separate channel from which the user 4 initiated thecommunication and/or sent the one or more authentication credentials.For example, the user 4 may provide authentication credentials to accessinformation through a desktop computer and the request may include arequest to provide the one-time credential through the user's mobiledevice. The one time credential may be utilized to provide additionalsecurity to the information that the user is trying to access.

FIG. 3 illustrates in block 230 that the one or more organizationsystems 10 determine when the user is an authorized user or anunauthorized user. For example, the one or more organization systems 10may utilize user information, computer system information, storedinformation about a plurality of unauthorized users, patterns of theuser and/or unauthorized user, or the like to determine if the user 4making the request is an unauthorized user. The determination of whetheror not the user is an unauthorized user or an authorized user isdescribed generally in block 130 of FIG. 2, and in further detail withrespect to co-pending U.S. patent application Ser. No. 15/995,824entitled “Alternate User Communication Routing Utilizing a Unique UserIdentification” filed concurrently herewith, and incorporated byreference herein in its entirety.

Returning to FIG. 3, as illustrated in block 240 in response todetermining that the user is an unauthorized user, the one or moreorganization systems 10 generates an alternative one-time credential. Itshould be further understood that the alternative one-time credentialwill not allow the unauthorized user to access the information in whichthe unauthorized user may be interested, but instead may be an alternatetreatment or be utilized to provide one or more alternate treatments tothe unauthorized user. It should be understood that the one or morealternate treatments may be the treatments discussed with respect toFIG. 2 described herein, and/or the one or more alternate treatmentsdescribed in further detail with respect to co-pending U.S. patentapplication Ser. No. 15/995,830 entitled “Alternate User CommunicationRouting” filed concurrently herewith, and incorporated by referenceherein in its entirety. As discussed, the alternate treatments mayinclude presenting the unauthorized user an alternative display, keepingthe user on an communication longer (e.g., Internet chat, telephonecall, or the like), extending the response time, providing an iconindicating an issue access the information (e.g., a buffering icon,working icon, or the like that indicates the system is performing afunction), or the like.

It should be understood that that the alternative one-time credentialmay be pre-determined or may be created once the user 4 is identified asbeing an unauthorized user. As such, the alternative one-time credentialmay be stored in an alternative one-time credential databases and usedas necessary, or an alternative one-time credential generator (e.g.,application or the like) may generate alternative one-time credentialsas needed. Moreover, the alternative one-time credential may be specificfor a specific type of alternate treatment or may be assigned to analternate treatment. As will be described in further detail later, thealternative one-time credential my include markers, which may be used inorder track the unauthorized user's use of the alternative one-timecredential.

The alternative one-time credential is then transmitted to theunauthorized user, as illustrated in block 250 of FIG. 3. For example,if the unauthorized user requests the one-time credential through aspecific channel, the alternative one-time credential may be presentedthrough the requested specific channel (e.g., the unauthorized user'smobile device, or the like). Alternatively, in some embodiments, itshould be understood that instead of sending the alternative one-timecredential through a pre-determined channel (e.g., stored channel) orthrough the channel through which the request was made, the organizationsystems 10 may request the unauthorized user provide user contactinformation for one or more specific channels. For example, theorganization systems 10 may request that the user provide a phonenumber, e-mail address, or other contact information in order to capturemore information about the unauthorized user or the unauthorized user'scomputer systems 20. Regardless of how the one-time credential ispresented it should be understood that, the unauthorized user believesthat he/she has successfully received a one-time credential instead ofan alternative one-time credential that may be used by the one or moreorganization systems 10 to track the use of the alternative one-timecredential by the unauthorized user.

Block 260 of FIG. 3 illustrates that the one or more organizationsystems 10 (or other systems) may receive a one-time credential from auser 4 and then determine that the one-time credential is an alternativeone-time credential from an unauthorized user (e.g., the unauthorizeduser that made the initial request or a different unauthorized user).For example, after receiving a one-time credential the one or moreorganization systems 10 (or other system) may compare the one-timecredential with stored one-time credentials (e.g., real and/oralternative). In some embodiments, one-time credential may only work fora short period of time (e.g., seconds, minutes, tens of minutes, hours,or the like), and as such, the list of active one-time credentials maybe limited. It should be understood that the alternative one-timecredential may be received by the organization system (or anothersystem) from the user computer system 20. It should be understood thatthe user computer system 20 may be an unauthorized user computer systemor an authorized user computer system that is misappropriated by theunauthorized user for purposes of accessing the information (e.g.,remotely sending the alternative one-time credential through anauthorized user computer system).

FIG. 3 in block 270 further illustrates that the one or moreorganization systems 10 (or other system), in response to receiving thealternate one-time credential, may provide an alternate treatment to theunauthorized user. It should be understood that the alternate treatmentsmay be any of the alternate treatments described with respect to block140 from FIG. 2 above, and/or described in co-pending U.S. applicationSer. No. 15/995,830 entitled “Alternate User Communication Routing,”which is incorporated by reference herein in its entirety.

In some embodiments, the alternate treatment may include accessingand/or generating alternative information to display to the unauthorizeduser in an alternative display. For example, if the unauthorized user istrying to access resource pool information of an authorized user (e.g.,customer) of the organization (e.g., user password, resource poolnumber, interactions the user made with resources, reduced balances, orthe like), then the alternative information may include alternativeresource pool information of the customer's resource pool that theorganization then provides to the unauthorized user in an alternativeinterface.

In other embodiments, after determining that the one-time authenticationcredential received is an alternative one-time authenticationcredential, the alternate treatment may include providing an iconindicating that the unauthorized user is being routed to the desiredinformation, but purposefully preventing the information from beingprovided to the unauthorized user. For example, as previously discussedherein the icon may be an alternative icon that indicates that thesystems or applications are buffering, working, or other indication thatthe systems is working. However, the alternative icon only illustratesthat the systems is working, but the actual information will never bepresented to the unauthorized user. In other embodiments, the alternatetreatment may include placing the user on hold, to extend the wait timeof the unauthorized user.

In other embodiments, the alternate treatment may include requestingadditional information from the unauthorized user about the unauthorizeduser (e.g., other contact information); requesting resource poolinformation, user names or other information needed to completed analternative action for a request (e.g., complete an alternativeinteraction for the unauthorized user in order to access informationabout other authorize users, and/or any associated systems and/orresource pools that the unauthorized user is utilizing); or other likealternate treatment discussed herein.

Block 280 of FIG. 3 further illustrates that the unauthorized user maybe monitored in a number of different ways. For example, in someembodiments, as previously described above, the alternative one-timecredential may include a marker (e.g., metadata, applet, cookie,embedded tag, or other like marker) that allows the organization totrack the use of such alternative one-time credential. For example, theone or more organization systems 10 (or other systems) may be able todetermine what the unauthorized user does with the one-time credential(e.g., store the alternative one-time credential, send the alternativeone-time to another user, uses the alternative one-time credential, orthe like). As such, the marker in the alternative one-time credentialmay allow the organization systems 10 to monitor the unauthorized useror any subsequent unauthorized user that may subsequently receive and/oruse the alternative one-time credential. In some examples, theunauthorized user may request the one-time credential from a firstcomputer system, receive the one-time credential at from a secondcomputer system, and utilize the one-time credential from a thirdcomputer system. The one or more organizations systems 10 may link thesystems and the unauthorized user together (e.g., based on the requestsand/or through the use of markers in the alternative one-timecredential) in order to use such information for further patterndevelopment associated with the unauthorized user and/or the computersystems.

Alternatively, in other embodiments of the invention, the alternatetreatment may further allow the organization systems to monitor theunauthorized user. For example, any alternative information (e.g.,including the alternative one-time credential itself) that may bepresented to the unauthorized user may be tracked. In some cases thealternative information may be alternative resource pool identifiers(e.g., account numbers), alternative resource pool transactions,alternative authentication credentials, or the like, and theorganization systems 10 can determine where the unauthorized user sentand/or used the alternative information. For example, if theunauthorized user provided alternative authentication credentials and/orresource pool identifiers to another unauthorized user, the organizationsystems 10 can determine when another unauthorized user may have triedto use the alternative authentication credentials and/or resource poolidentifiers to transfer resources and/or to enter into interactionswithout authorization.

Monitoring the actions of the unauthorized user allows the one or moreorganization systems 10 to capture additional information from one ormore of the unauthorized users (e.g., the unauthorized user thatrequested the alternative one-time credential and/or subsequentunauthorized users that received the alternative one-time credentialand/or alternative information from the original unauthorized user). Theadditional unauthorized user information that is captured may includedevices that the one or more unauthorized users may utilize in order toinitiate the unauthorized action requests, locations of the unauthorizedusers and/or devices, the actions that the unauthorized users tried toinitiate (e.g., parties involved in an interaction, cost of theinteraction, product—good or service, time of the interaction, or thelike), other authentication credentials and/or resource pool identifiersassociated with the alternative one-time credential and/or alternativeresource pool identifiers (e.g., other credentials and/or relatedresource pool numbers that the unauthorized user may use or try to usein order to transfer resources).

Moreover, the monitoring and additional information captured may allowthe organization systems 10 to recognize patterns in the actions of theone or more unauthorized users. The patterns may allow the organizationto link past misappropriation to the one or more unauthorized users,predict future misappropriation by the one or more unauthorized users,and/or identify other authentication credentials and/or resource poolsof the one or more unauthorized users. As such, the organization systems10 may be able to identify the actions one or more unauthorized usersmay take in the future through the use of the patterns, the devices,authentication credentials, and/or resource pools that were identifiedas being used by the one or more unauthorized users. It should beunderstood that the unauthorized users and/or unauthorized user actionsmay be linked together through the use of the one-time authenticationcredentials. As such, whenever an alternative one-time authenticationcredential is issued for a particular user, the alternative one-timeauthentication credential may be linked with previous alternativeone-time authentication credentials such that the unauthorized useractions over time may be tracked.

It should be understood, that the systems described herein may beconfigured to establish a communication link (e.g., electronic link, orthe like) with each other in order to accomplish the steps of theprocesses described herein. The link may be an internal link within thesame entity (e.g., within the same financial institution) or a link withthe other entity systems. In some embodiments, the one or more systemsmay be configured for selectively responding to dynamic authenticationinquires. These feeds of resource usage and availability may be providedvia wireless network path portions through the Internet. When thesystems are not providing data, transforming data, transmitting thedata, and/or creating the reports, the systems need not be transmittingdata over the Internet, although it could be. The systems and associateddata for each of the systems may be made continuously available,however, continuously available does not necessarily mean that thesystems actually continuously generate data, but that a systems arecontinuously available to perform actions associated with the systems inreal-time (i.e., within a few seconds, or the like) of receiving arequest for it. In any case, the systems are continuously available toperform actions with respect to the data, in some cases in digitizeddata in Internet Protocol (IP) packet format. In response tocontinuously receiving real-time data feeds from the various systems,the systems may be configured to update actions associated with thesystems, as described herein.

Moreover, it should be understood that the process flows describedherein include transforming the data from the different systems (e.g.,internally or externally) from the data format of the various systems toa data format associated with a particular display. There are many waysin which data is converted within the computer environment. This may beseamless, as in the case of upgrading to a newer version of a computerprogram. Alternatively, the conversion may require processing by the useof a special conversion program, or it may involve a complex process ofgoing through intermediary stages, or involving complex “exporting” and“importing” procedures, which may convert to and from a tab-delimited orcomma-separated text file. In some cases, a program may recognizeseveral data file formats at the data input stage and then is alsocapable of storing the output data in a number of different formats.Such a program may be used to convert a file format. If the sourceformat or target format is not recognized, then at times a third programmay be available which permits the conversion to an intermediate format,which can then be reformatted.

As will be appreciated by one of skill in the art in view of thisdisclosure, embodiments of the invention may be embodied as an apparatus(e.g., a system, computer program product, and/or other device), amethod, or a combination of the foregoing. Accordingly, embodiments ofthe invention may take the form of an entirely hardware embodiment, anentirely software embodiment (including firmware, resident software,micro-code, etc.), or an embodiment combining software and hardwareaspects that may generally be referred to herein as a “system.”Furthermore, embodiments of the invention may take the form of acomputer program product comprising a computer-usable storage mediumhaving computer-usable program code/computer-readable instructionsembodied in the medium (e.g., a non-transitory medium, or the like).

Any suitable computer-usable or computer-readable medium may beutilized. The computer usable or computer readable medium may be, forexample but not limited to, an electronic, magnetic, optical,electromagnetic, infrared, or semiconductor system, apparatus, ordevice. More specific examples (a non-exhaustive list) of thecomputer-readable medium would include the following: an electricalconnection having one or more wires; a tangible medium such as aportable computer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a compact disc read-only memory (CD-ROM), or othertangible optical or magnetic storage device.

Computer program code/computer-readable instructions for carrying outoperations of embodiments of the invention may be written in an objectoriented, scripted or unscripted programming language such as Java,Pearl, Python, Smalltalk, C++ or the like. However, the computer programcode/computer-readable instructions for carrying out operations of theinvention may also be written in conventional procedural programminglanguages, such as the “C” programming language or similar programminglanguages.

Embodiments of the invention described above, with reference toflowchart illustrations and/or block diagrams of methods or apparatuses(the term “apparatus” including systems and computer program products),will be understood to include that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a particular machine, such that the instructions, which executevia the processor of the computer or other programmable data processingapparatus, create mechanisms for implementing the functions/actsspecified in the flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in acomputer-readable memory that can direct a computer or otherprogrammable data processing apparatus to function in a particularmanner, such that the instructions stored in the computer readablememory produce an article of manufacture including instructions, whichimplement the function/act specified in the flowchart and/or blockdiagram block or blocks.

The computer program instructions may also be loaded onto a computer orother programmable data processing apparatus to cause a series ofoperational steps to be performed on the computer or other programmableapparatus to produce a computer implemented process such that theinstructions, which execute on the computer or other programmableapparatus, provide steps for implementing the functions/acts specifiedin the flowchart and/or block diagram block or blocks. Alternatively,computer program implemented steps or acts may be combined with operatoror human implemented steps or acts in order to carry out an embodimentof the invention.

Specific embodiments of the invention are described herein. Manymodifications and other embodiments of the invention set forth hereinwill come to mind to one skilled in the art to which the inventionpertains, having the benefit of the teachings presented in the foregoingdescriptions and the associated drawings. Therefore, it is to beunderstood that the invention is not to be limited to the specificembodiments disclosed and that modifications and other embodiments andcombinations of embodiments are intended to be included within the scopeof the appended claims. Although specific terms are employed herein,they are used in a generic and descriptive sense only and not forpurposes of limitation.

INCORPORATION BY REFERENCE

To supplement the present disclosure, this application furtherincorporates entirely by reference the following commonly assignedpatent applications:

U.S. patent application Docket Number Ser. No. Title Filed On8398US1.014033.3208 15/995,830 ALTERNATE Jun. 1, 2018 USER COMMU-NICATION ROUTING 8399US1.014033.3209 15/995,824 ALTERNATE Jun. 1, 2018USER COMMU- NICATION ROUTING UTILIZING A UNIQUE USER IDENTIFICATION8401US1.014033.3211 15/995,837 ALTERNATE Jun. 1, 2018 DISPLAY GENERATIONBASED ON USER IDENTIFICATION 8402US1.014033.3212 15/995,894 ALTERNATEJun. 1, 2018 USER COMMU- NICATION HANDLING BASED ON USER IDENTIFICATION

What is claimed is:
 1. A system for providing alternate treatments forinteractions with unauthorized users, the system comprising: one or morememories having computer readable code stored thereon; and one or moreprocessors operatively coupled to the one or more memories, wherein theone or more processors are configured to execute the computer readablecode to: receive a request from a user to access information; receive anauthentication credential from the user, wherein the authenticationcredential is received from one or more user computer systems; determinewhen the user is an unauthorized user based on the authenticationcredential; provide an alternate treatment to the unauthorized user,wherein the alternate treatment comprises extending a time for aninteraction by: providing an icon to the unauthorized user on the one ormore user computer systems indicating that the information is beingaccessed; and preventing the information from being provided to theunauthorized user on the one or more user computer systems for as longas the unauthorized user maintains the interaction; and captureunauthorized user information from the unauthorized user based on thealternate treatment.
 2. The system of claim 1, wherein the one or moreprocessors are further configured to execute the computer readable codeto: receive a request for a one time credential, wherein the request isreceived from the one or more user computer systems; transmit analternative one time credential to the unauthorized user; and receivethe alternative one time credential from the unauthorized user.
 3. Thesystem of claim 2, wherein the one or more processors are furtherconfigured to execute the computer readable code to: request contactinformation from the unauthorized user to receive the alternative onetime credential; receive the contact information from the unauthorizeduser; and send the alternative one time credential based to theunauthorized user based on the contact information received from theunauthorized user.
 4. The system of claim 2, wherein the alternative onetime credential is transmitted to the one or more user computer systemsfrom which the authentication credential was received.
 5. The system ofclaim 2, wherein the alternative one time credential is transmitted tothe one or more user computer systems that is different than the one ormore user computer systems from which the authentication credential wasreceived.
 6. The system of claim 2, wherein the alternative one timecredential includes one or more markers, and wherein the one or moreprocessors are further configured to execute the computer readable codeto: monitor actions of the unauthorized user based on the one or moremarkers associated with the alternative one time credential, wherein theone or more markers allow identification of the one or more usercomputer systems or one or more other unauthorized users to which thealternative one time credential is transferred by the unauthorized user.7. The system of claim 1, wherein the one or more processors are furtherconfigured to execute the computer readable code to: determine thealternate treatments previously presented to the unauthorized user; andidentify the alternate treatment to present to the unauthorized user,wherein the alternate treatment is different from the alternatetreatments previously presented to the unauthorized user.
 8. The systemof claim 1, wherein the alternate treatment further comprises providingalternative information to the user, and wherein the one or moreprocessors are further configured to execute the computer readable codeto: identify the information requested by the unauthorized user;identify the alternative information to present to the unauthorized userthat corresponds to the information requested; and provide thealternative information to the unauthorized user as the alternatetreatment.
 9. The system of claim 8, wherein the information is userinformation or user resource pool information, and wherein thealternative information is alternative user information or alternativeuser resource pool information.
 10. The system of claim 8, wherein thealternative information comprises one or more markers, and wherein theone or more processors are further configured to execute the computerreadable code to: monitor actions of the unauthorized user based on theone or more markers associated with the alternative information, whereinthe one or more markers allow identification of the one or more usercomputer systems or one or more other unauthorized users to which thealternative information is transferred by the unauthorized user.
 11. Thesystem of claim 1, wherein the alternate treatment further comprisesproviding alternative information to the unauthorized user on the one ormore user computer systems, wherein the one or more processors arefurther configured to execute the computer readable code to: identify aninterface in which the unauthorized user is interested; identify analternative interface to present to the unauthorized user; and displaythe alternative interface to the unauthorized user.
 12. The system ofclaim 1, wherein the alternate treatment further comprises extending atime for the interaction, wherein the one or more processors are furtherconfigured to execute the computer readable code to: place theunauthorized user on hold; and prevent the unauthorized user on holdfrom being transferred to a representative for so long as theunauthorized user maintains the interaction.
 13. The system of claim 1,wherein the alternate treatment further comprises indicating that theinformation requested is unavailable, wherein the one or more processorsare further configured to execute the computer readable code to:identify the information the unauthorized user has requested; andprovide an indication that the information is currently unavailable tothe unauthorized user on the one or more user computer systems.
 14. Thesystem of claim 1, wherein the alternate treatment further comprisesrequesting contact information from the unauthorized user, wherein theone or more processors are further configured to execute the computerreadable code to: identify the information the unauthorized user hasrequested; and requesting the contact information from the unauthorizeduser in order to provide follow up communication with respect to theinformation.
 15. The system of claim 1, wherein the alternate treatmentfurther comprises transferring the unauthorized user to an alternatechannel, wherein the one or more processors are further configured toexecute the computer readable code to: identify a representative towhich to transfer the unauthorized user, wherein the representative istrained to respond to the unauthorized users; and transferring theunauthorized user to the representative.
 16. A computer implementedmethod for providing alternate treatments for interactions withunauthorized users, the method comprising: receiving, by one or moreprocessors, a request from a user to access information; receiving, bythe one or more processors, an authentication credential from the user,wherein the authentication credential is received from one or more usercomputer systems; determining, by the one or more processors, when theuser is an unauthorized user based on the authentication credential;providing, by the one or more processors, an alternate treatment to theunauthorized user, wherein the alternate treatment comprises extending atime for an interaction by: providing an icon to the unauthorized useron the one or more user computer systems indicating that the informationis being accessed; and preventing the information from being provided tothe unauthorized user on the one or more user computer systems for aslong as the unauthorized user maintains the interaction; and capturing,by the one or more processors, unauthorized user information from theunauthorized user based on the alternate treatment.
 17. The method ofclaim 16, further comprising: receive a request for a one timecredential, wherein the request is received from the one or more usercomputer systems; transmit an alternative one time credential to theunauthorized user; and receive the alternative one time credential fromthe unauthorized user.
 18. The method of claim 17, wherein thealternative one time credential includes one or more markers, andwherein the method further comprises: monitoring, by the one or moreprocessors, actions of the unauthorized user based on the one or moremarkers associated with the alternative one time credential, wherein theone or more markers allow identification of the one or more usercomputer systems or one or more other unauthorized users to which thealternative one time credential is transferred by the unauthorized user.19. A computer program product for providing alternate treatments forinteractions with unauthorized users, the computer program productcomprising at least one non-transitory computer-readable medium havingcomputer-readable program code portions embodied therein, thecomputer-readable program code portions comprising: an executableportion configured to receive a request from a user to accessinformation; an executable portion configured to receive anauthentication credential from the user, wherein the authenticationcredential is received from one or more user computer systems; anexecutable portion configured to determine when the user is anunauthorized user based on the authentication credential; an executableportion configured to provide an alternate treatment to the unauthorizeduser, wherein the alternate treatment comprises extending a time for aninteraction by: providing an icon to the unauthorized user on the one ormore user computer systems indicating that the information is beingaccessed; and preventing the information from being provided to theunauthorized user on the one or more user computer systems for as longas the unauthorized user maintains the interaction; and an executableportion configured to capture unauthorized user information from theunauthorized user based on the alternate treatment.
 20. The computerprogram product of claim 19, wherein the computer-readable program codeportions further comprise: an executable portion configured to receive arequest for a one time credential, wherein the request is received fromthe one or more user computer systems; an executable portion configuredto transmit an alternative one time credential to the unauthorized user;and an executable portion configured to receive the alternative one timecredential from the unauthorized user.